Vulnerability assessment and management (VAM)

Discover security and compliance issues and confirm they are resolved.

Businesses need real-time visibility into instances to reduce their attack surface and comply with security policies.

A continuous VAM solution allows businesses to identify and manage security in a dynamic environment. VAMs assess Amazon Machine Images (AMIs) to ensure they are hardened, and then monitor instances’ security and compliance posture from launch to termination.

Solutions

Qualys

The Qualys Vulnerability Management offers continuous security and compliance visibility for the AWS environments. With sensors built to seamlessly deploy and dynamically scale, Qualys works with the agile and elastic nature of cloud workloads.

After performing an initial comprehensive assessment of the IT, security, and compliance posture of your AMIs, agents deployed on all launched instances report changes as soon as they are detected. This allows businesses to quickly detect issues, terminate the instances, and redeploy from a hardened AMI to maintain good hygiene of the operational instances. With flexible deployment models that can leverage virtual scanners, Cloud agents or both, Qualys can work with a business' architecture to deliver security and compliance assurance.

Ancestry, a global leader in family history and consumer genomics, migrated their workloads to AWS to take advantage of development agility, elasticity to support their growth, business cyclicality, reliability, and availability. Ancestry deploys environments using AMI’s and Cloud Formation templates and uses Qualys’ Vulnerability Management and Policy Compliance applications to identify AMI vulnerabilities and configuration issues so the AMI’s can be hardened before new instances are launched.

Ancestry also deploys Qualys in production to assess instances, and when issues are identified, terminates vulnerable instances and redeploys them from hardened AMI’s. After deploying Qualys, Ancestry has reduced the vulnerabilities in their environments by over 80% and have effectively eliminated externally accessible high and critical vulnerabilities from their AWS environments.

Qualys delivers our vulnerability management infrastructure as a service, so we do not have to invest in operating that ourselves. We are able to devote our time to remediating vulnerabilities and managing our risk, leaving the identification of vulnerabilities and configuration issues to Qualys. The platform's ability to expand and contract with our environments gave us confidence that we had full visibility at all times, and their interactive dashboards allowed us to track our results across teams to achieve significant improvements in our instances’ security and compliance posture.

- Leader at Ancestry

AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS.